[imp] IMAP Connection Issue: "no auth attempts"
Alexander Lasley
alasley at mail.redskylab.com
Thu Feb 12 00:59:51 UTC 2015
On 02/11/2015 04:08 AM, Arjen de Korte wrote:
> Citeren Jan Schneider <jan at horde.org>:
>
>> Zitat von Alexander Lasley <alasley at mail.redskylab.com>:
>>
>>> After installing IMP, testing the IMAP connection via
>>> /test.php?app=imp is successful; "Namespace Information" and "IMAP
>>> server capabilities" are shown to me. However, connections through
>>> the web interface fail. I have tried two different things:
>>>
>>> 1) Logging in to the mail account while logged in to Horde as the
>>> default "Administrator" user. This fails and produces the message
>>> "User Administrator is not authorized for Mail" in the logs. I
>>> stopped here because this is ultimately not the way I intend to use
>>> Horde/IMP anyway.
>>> 2) Using IMP as the application to handle authentication for Horde.
>>> This fails and produces slightly more useful information in the logs.
>>>
>>> Web server information:
>>> CentOS 6.6
>>> nginx 1.0.15 installed via yum *
>>> php-fpm 5.4.37 installed via yum
>>> Horde 5.2.3 installed via PEAR
>>> IMP 6.2.7 installed via PEAR
>>>
>>> Mail server information:
>>> CentOS 6.6
>>> dovecot 2.0.9 installed via yum
>>>
>>> * I know that nginx isn't officially supported, but my issue does
>>> not seem related to the web server; no relevant error messages are
>>> showing up in nginx's log.
>>>
>>> I've replaced sensitive information in the logs with the following:
>>> Horde installed into the document root /path/to/horde
>>> Horde running on webmail.domain.tld with IP address xxx.xxx.xxx.xxx
>>> Dovecot/Postfix running on mail.domain.tld with IP address
>>> yyy.yyy.yyy.yyy
>>> Attempting to log in as username at mail.domain.tld
>>> My personal IP zzz.zzz.zzz.zzz
>>>
>>> Dovecot logs:
>>> Feb 11 06:40:46 mail dovecot: auth: Debug: Loading modules from
>>> directory: /usr/lib64/dovecot/auth
>>> ...
>>> Feb 11 06:40:46 mail dovecot: auth: Debug: auth client connected
>>> (pid=20366)
>>> Feb 11 06:41:16 mail dovecot: imap-login: Disconnected (no auth
>>> attempts): rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy, TLS
>>> handshaking: Disconnected
>>>
>>> Horde logs:
>>> Feb 11 06:39:36 web-ln1 HORDE: [imp] [login] Error when
>>> communicating with the mail server. [pid 3243 on line 730 of
>>> "/path/to/horde/imp/lib/Imap.php"]
>>> Feb 11 06:39:36 web-ln1 HORDE: [imp] FAILED LOGIN for
>>> username at mail.domain.tld (zzz.zzz.zzz.zzz) to
>>> {imap://mail.domain.tld:993/} [pid 3243 on line 157 of
>>> "/path/to/horde/imp/lib/Auth.php"]
>>> Feb 11 06:39:36 web-ln1 HORDE: [horde] FAILED LOGIN for
>>> username at mail.domain.tld to horde (24.107.154.151) [pid 3243 on line
>>> 199 of "/path/to/horde/login.php"]
>>>
>>> /path/to/horde/imp/config/backends.php:
>>> $servers['imap'] = array(
>>> 'disabled' => false,
>>> 'name' => 'IMAP Server',
>>> 'hostspec' => 'mail.domain.tld',
>>> 'hordeauth' => false,
>>> 'protocol' => 'imap',
>>> 'port' => 993,
>>> 'secure' => 'tls',
>>> );
>>>
>>> Dovecot is configured to expect 'PLAIN' or 'LOGIN' authentication
>>> over TLS. I can't seem to find any documentation on setting the IMAP
>>> authentication mechanism. But IMP doesn't seem to be passing along
>>> incorrect credentials; it doesn't seem to be passing any credentials
>>> at all.
>>>
>>> Thanks for your time,
>>>
>>> Alex
>>> --
>>> imp mailing list
>>> Frequently Asked Questions: http://wiki.horde.org/FAQ
>>> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>>
>> 1) Don't edit backends.php!
>> 2) Enable debug logs (in backends.local.php!) and check the IMAP
>> connection logs.
>
> And are you sure you're supporting STARTTLS on port 993? By default,
> Dovecot will accept SSL only on port 993, so the STARTTLS is never
> offered. You probably only need to override the hostspec variable in
> imp/config/backends.local.php:
>
> <?php
> $servers['imap']['hostspec'] = 'mail.domain.tld';
>
> If you really want to use port 993, you'll probably need to append the
> following two lines:
>
> $servers['imap']['port'] = 993;
> $servers['imap']['secure'] = 'ssl';
>
> But the recommended solution, is to use STARTTLS on port 143 instead.
>
>
>
Thank you both for your prompt replies.
Indeed, my mail server is not configured to use STARTTLS. Perhaps I
should explain the source of my confusion.
My mail server accepts connections encrypted with TLS (1.0, 1.1, 1.2),
and rejects connections encrypted with SSL (2.0, 3.0). Therefore, I
assumed that 'tls' was the correct setting. However, I see now that the
configuration should be interpreted as follows:
// use SSL/TLS with STARTTLS
$servers['imap']['secure'] = 'tls';
// use SSL/TLS without STARTTLS
$servers['imap']['secure'] = 'ssl';
I will make a note of this for the future. Thanks for helping me resolve
my problem.
Alex
More information about the imp
mailing list